1. General Information

- This policy applies to the website operating under the URL: **invellis.co.uk**

- The operator of the site and the Personal Data Administrator is: Kasztelan LTD, 62 High Street, MK40 1NT, Bedford

- Contact email address of the operator: invellis@hotmail.com

- The operator is the Administrator of your personal data in relation to data voluntarily provided in the Service.

- The Service uses personal data for the following purposes:

- Conducting a newsletter

- Operating a commenting system

- Handling inquiries through a form

- Preparation, packaging, shipping of goods

- Execution of ordered services

- Presentation of the offer or information

- The Service acquires information about users and their behavior in the following way:

     1. Through data voluntarily entered in forms, which are entered into the Operator's systems.

     2. By saving cookie files (so-called “cookies”) in end-user devices.

2. Selected Data Protection Methods Used by the Operator

- Places of logging in and entering personal data are protected in the transmission layer (SSL certificate). Thus, personal data and login data entered on the site are encrypted on the user's computer and can only be read on the target server.

- Personal data stored in the database are encrypted in such a way that only the Operator possessing the key can read them. This ensures that the data is protected in case of theft of the database from the server.

- User passwords are stored in a hashed form. The hashing function works one way - it is not possible to reverse its operation, which is currently the modern standard in storing user passwords.

- The Operator periodically changes its administrative passwords.

- To protect data, the Operator regularly makes backup copies.

- An essential element of data protection is the regular update of all software used by the Operator to process personal data, which particularly means regular updates of programming components.

3. Hosting

- The Service is hosted (technically maintained) on the servers of the operator: Invelio.co.uk

4. Your Rights and Additional Information on How Data is Used

- In some situations, the Administrator has the right to transfer your personal data to other recipients, if it is necessary to perform the contract concluded with you or to fulfill the obligations incumbent on the Administrator. This applies to the following groups of recipients:

     - hosting company on the basis of entrustment

     - couriers

     - postal operators

     - legal offices and debt collectors

     - banks

     - payment operators

     - authorized employees and associates who use the data to achieve the purpose of the site

     - companies providing marketing services for the Administrator

- Your personal data processed by the Administrator no longer, than is necessary to perform the related activities specified by separate regulations (e.g., on accounting). Regarding marketing data, they will not be processed for longer than 3 years.

- You have the right to request from the Administrator:

     - access to personal data concerning you,

     - their correction,

     - deletion,

     - processing restrictions,

     - and data portability.

- You have the right to object in the scope of processing indicated in point 3.3 c) against the processing of personal data for the performance of legally justified interests pursued by the Administrator, including profiling, provided that the right of objection cannot be performed in case of the existence of valid legally justified reasons for processing, overriding your interests, rights, and freedoms, in particular the establishment, investigation, or defense of claims.

- Providing personal data is voluntary, but necessary to service the Website.

- In relation to you, actions may be taken consisting of automated decision-making, including profiling, in order to provide services under the concluded contract and in order for the Administrator to conduct direct marketing.

- Personal data are transferred from third countries within the meaning of the regulations on the protection of personal data. This means that we transmit them outside the European Union.

5. Information in Forms

- The Service collects information voluntarily provided by the user, including personal data, if they are provided.

- The Service may save information about connection parameters (time stamp, IP address).

- The Service, in some cases, may save information facilitating the linking of data in the form with the email address of the user filling out the form. In this case, the user's email address appears inside the URL of the page containing the form.

- Data provided in the form are processed for the purpose resulting from the function of a specific form, e.g., to process a service request or commercial contact, registration of services, etc. Each time the context and description of the form in a clear manner informs what it is used for.

6. Administrator's Logs

- Information on the behavior of users in the service may be subject to logging. These data are used to administer the service.

7. Important Marketing Techniques

- The Operator uses statistical analysis of traffic on the site, through Google Analytics (Google Inc. based in the USA). The operator does not transfer personal data to the operator of this service, only anonymized information. The service is based on the use of cookies in the user's end device. In terms of information about user preferences collected by the Google advertising network, the user can view and edit information resulting from cookies using the tool: https://www.google.com/ads/preferences/

- The operator uses the Facebook pixel. This technology means that the Facebook service (Facebook Inc. based in the USA) knows that a person registered in it is using the Service. It is based on data for which it itself is the administrator, the Operator does not transfer any additional personal data from itself to the Facebook service. The service is based on the use of cookies in the user's end device.

- The Operator uses a solution that automates the operation of the Service in relation to users, e.g., that can send an email to the user after visiting a specific subpage, if he has consented to receive commercial correspondence from the Operator.

8. Information about Cookies

- The Service uses cookies.

- Cookies (so-called "cookies") are computer data, in particular text files, which are stored in the User's end device of the Service and are intended for use with the Service's web pages. Cookies usually contain the name of the website they come from, the storage time on the end device, and a unique number.

- The entity placing cookies on the end device of the Service User and accessing them is the operator of the Service.

- Cookies are used for the following purposes:

     1. Maintaining the session of the Service user (after logging in), thanks to which the user does not have to re-enter the login and password on every subpage of the Service;

     2. Realization of the purposes specified above in the part "Important marketing techniques";

- Within the Service, two basic types of cookies are used: "session" (session cookies) and "permanent" (persistent cookies). "Session" cookies are temporary files that are stored in the User's end device until logging out, leaving the website, or turning off the software (web browser). "Permanent" cookies are stored in the User's end device for the time specified in the cookies' parameters or until they are deleted by the User.

- Web browsing software (web browser) usually by default allows the storage of cookies in the User's end device. Service users can change the settings in this regard. The web browser allows you to delete cookies. It is also possible to automatically block cookies. Detailed information on this subject is contained in the help or documentation of the web browser.

- Restrictions on the use of cookies may affect some of the functionalities available on the Service's web pages.

- Cookies placed in the end device of the Service User may also be used by entities cooperating with the Service operator, in particular, this applies to companies: Google (Google Inc. based in the USA), Facebook (Facebook Inc. based in the USA), Twitter (Twitter Inc. based in the USA).

9. Cookie Management - How to Express and Withdraw Consent in Practice?

- If the user does not want to receive cookies, they can change the browser settings. We reserve that disabling the handling of cookies necessary for authentication processes, security, maintaining user preferences can hinder, and in extreme cases, may prevent the use of www pages.

- To manage the cookie settings, select from the list below the web browser you use and follow the instructions:

o    Edge

o    Internet Explorer

o    Chrome

o    Safari

o    Firefox

o    Opera

Mobile devices:

o    Android

o    Safari (iOS)

o    Windows Phone